Hi folks, Jim at Linode here. I’m interested in helping resolve this problem, as we’d like to continue to recommend to Linode customers that they use ClamAV for their needs.
> Slow your updater down. > I'm fairly certain that my system is still configured with the defaults > freshclam configuration. It looks like it's checking once an hour. We generally recommend customers use ClamAV in response to a system compromise, so they’re just using whatever default configuration that came with the package they installed. Most customers only run ClamAV when they’re specifically looking for malware, usually from our recovery environment (called Rescue Mode). Freshclam is usually run once in Rescue Mode. > Linode is our second biggest abuser. Is this “abuse” being caused by specific IP addresses? Or is the volume of traffic sending from our network being categorized as “abusive”? Any specifics you can share would be helpful in us understanding the cause of this problem. Our impression is that use of ClamAV on our platform hasn’t meaningfully changed recently. Would a private mirror help the situation? I believe we could configure Rescue Mode to fetch updates from whatever private mirror we configure, but if this problem originates somewhere else, I don’t know how much good that will do. - Jim
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
